[147302] in cryptography@c2.net mail archive
Re: [Cryptography] RSA recommends against use of its own products.
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Thu Sep 26 06:03:13 2013
X-Original-To: cryptography@metzdowd.com
Date: Thu, 26 Sep 2013 11:18:08 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: cryptography@metzdowd.com, kristian.gjosteen@math.ntnu.no
In-Reply-To: <F39CA367-75C4-442A-B810-28D9D489E6CA@math.ntnu.no>
Kristian Gjøsteen <kristian.gjosteen@math.ntnu.no> writes:
>(For what it's worth, I discounted the press reports about a trapdoor in
>Dual-EC-DRBG because I didn't think anyone would be daft enough to use it. I
>was wrong.)

+1. It's the Vinny Gambini effect (from the film My Cousin Vinny):

  Judge Haller: Mr. Gambini, didn't I tell you that the next time you appear
  in my court that you dress appropriately?
  Vinny: You were serious about dat?

And it's not just Dual-EC-DRBG that triggers the "You were serious about dat?"
response, there are a number of bits of security protocols where I've been...
distinctly surprised that anyone would actually do what the spec said.

(Having said that, I've also occasionally been pleasantly surprised when, by
unanimous unspoken consensus among implementers, everyone ignored the spec and
did the right thing).

Peter.